System and method for maintaining a state for a user session using a web system having a global session server

ABSTRACT

A system and method are provided for maintaining states for user sessions with a web system. Maintaining state includes receiving a request from a user that initiates a user session with the web system and processing the request to provide a web page to the user. Session data (220) representing a state of the user session is stored in memory in a global session server (212). Then, for each subsequent request associated with the user session, the subsequent request is received, and the session data (220) is retrieved from the global session server (212). The subsequent request is then processed using the session data (220) to provide a web page to the user, and the session data (220) is changed to reflect the processing. The session data (220) is then updated in the global session server (212). The global session server (212) thereby stores session data (220) unique to each user session accumulated over multiple web transactions. In one implementation, the session data (220) includes name/value pairs where the values can be self describing objects such as text, numbers, arrays, and interfaces to other objects.

TECHNICAL FIELD OF THE INVENTION

The present invention relates in general to the field of public networksand network communication and, more particularly, to a system and methodfor maintaining states for user sessions with a web system.

BACKGROUND OF THE INVENTION

For many business enterprises, it has become important to reachcustomers, vendors and employees through the Internet or other publicnetwork. Consequently, there is a large and growing number of web-basedsite development and management tools available to enterprises that wantto create or improve a presence on the Internet. However, a number ofproblems are recurrent in such web development efforts and notadequately addressed by conventional web site development and managementtools.

Web-based communication is different from mainframe and client-serverarenas where many information services (IS) departments have most oftheir expertise. One difference is that HTTP, an underlying protocol ofweb communication, is both connectionless and stateless. This causes aproblem for dynamic interactions with the user where a web system needsto be able to keep track of the user's state during a session involvingmultiple web interactions (e.g., web page requests). Without a way tomanage state, between web transactions the system will have "forgotten"information about the user and the context of the session. This can befurther complicated by the fact that in many large web systems the userdoes not interact with the same web server from transaction totransaction.

SUMMARY OF THE INVENTION

In accordance with the present invention, a system and method formaintaining states for user sessions with a web system are disclosedthat provide significant advantages over conventional web-based systemdevelopment and management tools.

According to one aspect of the present invention, maintaining stateincludes receiving a request from a user that initiates a user sessionwith the web system and processing the request to provide a web page tothe user. Session data representing a state of the user session isstored in memory in a global session server. Then, for each subsequentrequest associated with the user session, the subsequent request isreceived, and the session data is retrieved from the global sessionserver. The subsequent request is then processed using the session datato provide a web page to the user, and the session data is changed toreflect the processing. The session data is again updated in the globalsession server. The global session server thereby stores session dataunique to each user session accumulated over multiple web transactions.In one implementation, the session data includes name/value pairs wherethe values can be self describing objects such as text, numbers, arrays,and interfaces to other objects.

A technical advantage of the use of the global session server is that itallows a web system engine to remain stateless with respect to anongoing user interaction with the web system. This ability to remainstateless frees web system engine to effectively manage server loadbalancing and other speed issues. Further, by separating the stateinformation from important enterprise data (which can be stored insecure databases), the global session server allows the web systemengine to more quickly associate a state with a particular user requestthat reflects the history of the current user session.

Other technical advantages should be readily apparent to one skilled inthe art from the following figures, description, and claims.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of the present invention and advantagesthereof may be acquired by referring to the following description takenin conjunction with the accompanying drawings, in which like referencenumbers indicate like features, and wherein:

FIG. 1 is a block diagram of one embodiment of a logical layout of anenterprise interaction hub for managing an enterprise web system;

FIGS. 2A and 2B are block diagrams of object flow within one embodimentof a web system implemented using an enterprise interaction hub;

FIGS. 3A and 3B are block diagrams of an enterprise web system thatimplements a centralized global session server and a distributed globalsession server; and

FIG. 4 is a block diagram of one embodiment of using a global sessionserver within an enterprise web system.

DETAILED DESCRIPTION OF THE INVENTION Enterprise Interaction Hub LogicalLayout

FIG. 1 is a block diagram of one embodiment of a logical layout of anenterprise interaction hub, indicated generally at 10, for managing anenterprise web system. One example of a commercially availableenterprise interaction hub implemented using the layered architecture ofFIG. 1 is the SMART DNA™ HUB available from SMART Technologies, Inc. ofAustin, Tex. As shown in FIG. 1, hub 10 comprises a series of layersbound together through the use of a communication protocol such as DCOM.The layers include an interaction layer 12, a presentation layer 14, abusiness layer 16 and an integration layer 18. Presentation layer 14includes render objects 20, business layer 16 includes business objects22, and integration layer 18 includes COM objects 24. Integration layer18 interfaces to enterprise space 26 that may include legacyapplications and data and to independent software vendor (ISV) space 28that may include various ISV applications, such as ECOMM orconfiguration applications (such as the configuration product availablefrom CALICO).

Services 30, trend data collection layer 32 and management console 34span the four layers 12, 14, 16 and 18. Trend data collection layer 32can store data, based upon user activity over time, in a trend database36. One use for trend database 36 is to be mined for data to populate aprofile database 38. This profile data can be used to characterizeindividual users and can be fed back into presentation layer 14 andbusiness layer 16. Further, interaction modules 40 provide managementand interface functions including a workbench 42 and component creator44. This layered architecture for hub 10 allows the various functionalareas of a web system to be insulated from each other helping to improveweb system robustness while easing development and quality assurancethrough clear demarcations of functionality. The layered architecturealso allows pieces of the web system to evolve individually as businessneeds and web technologies change.

In operation, interaction layer 12 serves as the front door to the websystem. Interaction layer 12 can be responsible for enforcing security,managing sessions, and distributing requests to the most availableservers. By actively monitoring the status of render engines inpresentation layer 14, interaction layer 12 is able to ensure highavailability and optimum load balancing across the web system.Interaction layer 12 can also provide an important optimization in theform of page caching, a technology which improves performance four-foldover dynamically generated pages. In one implementation, integrationlayer 12 is built around the MICROSOFT® INTERNET INFORMATION SERVER andincorporates system-wide session management and comprehensive security.In this manner, integration layer 12 of hub 10 handles many of thetechnical difficulties of web development.

Presentation Layer 14 can server to generate web pages for interactionwith the user. In one implementation, presentation layer 14 includeshypertext markup language (HTML) pages augmented by a special set oftags. The pages within presentation layer 14 can be edited through thepage development and management environment provided by workbench 42. Inone implementation, workbench 42 is built around MICROSOFT® FRONT PAGEand VISUAL SOURCE SAFE and is integrated into a database-centricarchitecture for managing content. Workbench 42 can provide HTMLediting, tightly integrated version control, and page promotion tools(e.g., to promote pages from development, through quality assurance andto production). Further, using a server side tag set and standard HTML,developers can create a large proportion (e.g., 90%) of all pageswithout custom code. At the same time, such pages can have the power toaccess information in legacy systems through integration layer 18,utilize business rules in business layer 16 to make complicateddecisions, and display customized content. However, even the mostcomplete server-side tag set may not meet every conceivable businessneed. For that reason, render engines in presentation layer 14 areresponsible for interpreting the tag set which is expandable throughrender object extensions. New tags or whole tag sets can be developed tomeet the enterprise's needs and can then be used in the HTML of the pagewith no coding on the part of the developer.

Business layer 16 provides the business logic for the web system.Business layer 16 includes the business rules of the system which arecarefully isolated from the presentation layer. The business rules canbe implemented as COM business objects 22 within business layer 16. Thisseparation into a layer has the advantage of centralizing business rulesand guaranteeing that business rules are implemented consistentlythroughout the system. This makes the business rules far easier tochange than in systems where such rules are embedded in the page.Further, this approach makes page and business rule development moresimple and less expensive. For example, HTML developers can beresponsible for developing and maintaining a page while programmers canimplement business rules. Since each rule or set of rules can be aseparate COM business object 22, business rules can be unit testedreducing the complexity of quality assurance and improving the overallrobustness of the web system. This separation provides another majoradvantage which is the protection of the enterprise's investment incustom coding. For example, when new versions of HTTP are released orHTML is replaced by XML as the standard of choice, the business logic ofweb systems built upon hub 10 will continue to work without modificationof business layer 16.

Integration layer 18 allows the system to tie into a wide array ofexisting legacy applications, databases and third party software presentin enterprise space 26 and ISV space 28. Integration layer 18 canutilize DCOM and CORBA or can be extended to use proprietary standardsfor communicating with other parts of the enterprise. By isolating thedifficult issues of integration into a separate layer, the overall costof web system development can be decreased. HTML developers can developthe pages of presentation layer 14 which access the enterprise's othersystems through tags in the page rather then requiring skill setsnecessary to integrate into those systems. In the same way, integrationlayer 18 provides visibility to the rest of the enterprise for businesslogic layer 16 through the use of application program interfaces(API's), allowing cost-effective junior level programmers to implementthe bulk of the web system business logic.

Trend data collection layer 32 is a transparent layer that monitors andaccumulates historical information from layers 12, 14, 16 and 18 in hub10 and stores that information in trend database 36. As a request isprocessed through the layers, the layers generate events providinginformation about the request. These events can be as high level assimple transaction log events which detail that a request for a givenpage came in with a certain session ID and IP address or can be asgranular as events generated by individual business rule objectsdetailing their specific interactions with the request. By customizingthe events that are generated and captured, the business can capture anylevel of detail about the web system's functioning without impactingsystem performance. This information can then be used to meet thebusiness' needs for history, reporting, capacity planning, systemmonitoring and, through the profile layer, marketing research.

By tracking the interactions of customers using trend database 36, hub10 can profile the way users typically interact with the enterprise andthe products and services that interest them. This profile informationis stored in profile database 38 and allows the enterprise to improvethe user's interactions. Further, this profile information provides avaluable marketing research tool. The profile information can be furtherleveraged through advertisements and content targeted at individualcustomers which simultaneously serve the customer's need and increasesales for the enterprise.

Hub 10 uses profile information and business rules to provide customizeddynamic content designed to appeal to the individual user's interests.This personalized content helps the enterprise serve the user'sindividual needs in a customized way not available through other formsof communication. This personalization can utilize business rules inbusiness logic layer 16 and additional information from integrationlayer 18 to determine content to display. HTML page developers simplyneed to drop in appropriate tags and the content dynamically appears.Whether displaying an advertisement for accessories that complementproducts in the user's catalog, offering special personalizedpromotions, or just offering information of potential interest,personalization makes the interaction richer and more satisfying.

Console 34 provides a control center for a system built on hub 10.Console 34 allows centralized administration of the system including:adding or removing servers, monitoring render engine load, and changingthe configurations for business objects and integrated third partysoftware utilized by the system.

Hub 10 can use dynamic load balancing to evenly distribute requestsacross any number of web system servers. Balanced systems tend to beimmune to momentary traffic spikes and much more robust under peaktraffic situations. Since hub 10 actively monitors and distributesrequests to the most available servers, the response time of the systembecomes much more consistent and servers can be added or removed fromthe system transparently. To manage the problems of state and session, aglobal session server (GSS) is built directly into hub 10. This globalsession server transparently provides session information to servers inthe web system and provides a fault-tolerant architecture formaintaining state. The global session server is described in more detailbelow.

Reliability is also a key feature of hub 10. Hub 10 is designed to allowmultiple redundancy at every level and actively monitors request statusand redistributes requests as necessary to guarantee fault toleranceagainst individual server failures. Additionally, by separating the websystem into functional layers bound together through DCOM, servers areinsulated against individual component failures. The component inquestion can be restarted without impacting other server.

Hub 10 is a database centric architecture and includes active requestmonitoring. As a result, hub 10 allows servers to be taken in and out ofservice as needed. Unlike systems utilizing the file-system to storepages, with hub 10, promotion of pages through the typical development,quality assurance, and production cycle does not involve filereplication and version controlling issues. Instead promoting pagesconsists of changing a page status in the content database. This alsomeans that setting up a new server is simply a matter of installing thehub software, the server will then gather all its settings and pagesfrom a centralized distribution point. From an administrativestandpoint, there is the capability of using the monitoring and remoteadministration tools built into a WINDOWS NT Server. Additionally, thesystem's settings and statuses are centrally controllable with console34. Also, by complying with standards for SNMP and Performance Monitorcounters, hub 10 can allow the enterprise to use third party monitoringtools such as TME available from TIVOLI and PATROL available from BMCSOFTWARE.

With respect to security, on top of support for firewalls, hub 10 can beconfigured to provide several additional levels of protection. In oneimplementation, tamper-proof URLs are in effect for every hubinstallation. For example, through the use of 128-bit encryptionalgorithms, hub 10 can detect a URL that has been altered and reject theassociated requests. Memory based cookies can take security to the nextlevel by validating that all requests for a single session areoriginating on the same machine. Security is even further enhancedthrough the use of the latest web-based technologies, such as SSLencryption and certificate authentication, both supported by the hubframework. Also, hub 10 can allow access to be controlled on a page-bypage basis by specifying group-based access rights for each page.

Enterprise Interaction Hub Object Flow

FIGS. 2A and 2B are block diagrams of object flow within one embodimentof a web system implemented using an enterprise interaction hub. Inparticular, FIGS. 2A and 2B represent a web system implemented using theSMART DNA™ HUB available from SMART Technologies, Inc. of Austin, Tex.As shown in FIG. 2A, a load distribution unit 98 receives user URLrequests. Load distribution unit 98 then distributes each URL request toone of a plurality of physical computer systems for processing. In oneimplementation, load distribution unit 98 can be a CISCO Front End LocalDirector which uses a "round robin" or "least connections" algorithm forrouting requests. Further, in this implementation, the routing schemecan use a "sticky" feature to attempt to route certain categories ofrequests to the same physical computer system.

In the embodiment of FIGS. 2A and 2B, each physical computer system hasa MICROSOFT® INTERNET INFORMATION SERVER (IIS) 100 that receives routedURL requests. Server 100 in turn feeds a broker 102 which includes adocument cache 104. Broker 102 can interface with security agent 106which in turn can interface with encryption agent 108. Encryption agent108 can interface with attribute cache 110 which can access a database112. IIS performance counters 114 monitor performance of broker 102 andreceives information from NT performance monitor 116.

To service a request, broker 102 interfaces with one of multiple enginemanagers 120. Engine managers 120 distribute the load of servicingrequests to render engines 122. Engine managers 120 also interface witha Power Builder bridge 124. Referring to FIG. 2B, render engines 122 inturn interface with Power Builder (PBD) engines 126 which each caninclude a render engine PBD 130 and application code PBDs 132. PowerBuilder bridge 124 also interfaces with Power Builder engines 126, aswell as encryption agent 128. To access state information relevant to arequest, Power Builder engines 126 interface with a session manager 134.Session manager in turn interfaces with a global session server (GSS)136 which stores state information for user sessions. In theimplementation of FIGS. 2A and 2B, global session server 138 ismaintained as a component in memory and stores data items associatedwith the state of a user session. To access content, Power Builderengines 126 interface with script broker 140. Script broker 140 can theninterface with a legacy web application 142, script page cache 144 (anddatabase 146) and project databases 148.

In operation, bridge 124 allows debugging of Power Builder applicationcode 132 and render engines 122. Render engines 122 parse the raw HTMLscript and take an appropriate action depending on the tags. Enginemanager 120 is the system element that receives requests from the broker102, binds the request to an available render engine 122, delivers therequest to a render engine 122, receives the results from the renderengine 122, and delivers the results back to broker 102. Engine manager120 can perform extensive error recovery in the case of a failure duringthe render process. Script page cache 144 is responsible for caching thescript pages in a memory based cache to avoid fetching the script pagefrom a database 148 on every render request. Attribute cache 110provides fast access to (security related) group access numbers and(document cache related) cache control enumeration. Encryption agents108 and 106 are objects that implement an encryption algorithm (e.g.,MD5) and are used by several system elements to provide security.Security agent 106 is an object used by broker 102 to apply securitychecks to an incoming request and generate a security violation rejectif the checks detect a security violation.

The enterprise hub provides a scalable, open platform for run-timeproduction support and development of enterprise Internet and intranetapplications. As mentioned above, the Internet is a connectionlessenvironment, HTTP is a stateless protocol, and each browser request to aweb server is independent. The web server does not inherently retain thestate of a particular user's past requests. To solve this problem,application work flow is maintained by a session control layer providedby session manager 134 and by global session server 136. Session manager134 bundles and stores session data to the centralized or distributedglobal session server 136 for access from any system node. Each time auser enters the web system the user can be given a new unique sessionID. Session IDs can be set to expire after any period of inactivity orafter log-out. Session information is stored at run-time by sessionmanager 134. Application level code can query session manager 134 forsession data through a COM interface.

Global Session Server Implementations

FIGS. 3A and 3B are block diagrams of an enterprise web system thatimplements a centralized global session server and a distributed globalsession server. In the embodiment of FIG. 3A, a centralized globalsession server is common to multiple render engines. As shown, a websystem 200 includes multiple render engines 202. Render engines 202interface to session managers 204 each of which include a session cache206. Each session cache 206 can interface with global session server 208which is maintained in memory for quick access. Render engines 202 canbe distributed across multiple physical computer systems, and one ormore render engine 202 can exist on any of the physical computer systemsat a particular point in time.

In operation, web system engine 200 provides a web system that servicesrequests for web content from users and returns web pages to users.Typically, the requests will be part of a session with the web systemwhere the session involves multiple web interactions by a user that spana relatively short period of time or that occur between log-in andlog-out by a user. Typically, the session involves a user visiting theweb system to transact some type of business and then leaving the websystem. The components of web system engine 200 perform variousfunctions in servicing requests within the context of web interactionsas described, for example, with respect to FIGS. 1, 2A and 2B above. Itshould be understood that implementations for web system engine 200other than that shown above can be used and are within the scope of thepresent invention.

In the implementation of FIG. 3A, when a user engages in a session withthe web system, requests from the user will be directed to renderengines 202. In servicing a user request, render engines 202 can getcurrent state information for that session through the respectivesession manager 204 and session cache 206 and from global session server208. Render engines 202 then operate to process requests using thesession information and return web content that reflects the state ofthe user session. The lifetime of the session data stored in globalsession server 208 can be relatively short. The session data typicallyspans one session by a user defined either by a specified period of timeor by log-in and log-out events. Because of the short duration, thefocus on global session server 208 can be to provide quick stateinformation without the need for special security protocols.

During a user session, when a request is received, a session ID (SID) isassociated with the request. The SID identifies the request as part of aparticular user session. The render engine 202 processing the requestpasses the SID to session manager 204 to request session information forthat SID. Session cache 206 within that session manager 204 then calls a"lock" on that SID within global session server 208. Assuming thesession data for that SID is not already "locked", the session cache 206well then download the session data from global session server 208 forthat SID. Session manager 204 then provides the session information insession cache 206 to render engine 202. After render engine 202 hasbuilt the web page and provided it back to the user, the session cache206 calls an "unlock", and changes to the session state are written backfrom session cache 206 to global session server 208. The new sessiondata for that SID is then again available for access.

Referring to FIG. 3B, the global session server can also be distributedacross multiple physical computer systems. As with FIG. 3A, a web system210 includes multiple render engines 212. Render engines 212 interfaceto session managers 214. Each session manager 214 includes a broker 216and a session cache 218. Each session cache 218 can interface withmultiple global session servers 220 which is maintained in memory forquick access. Render engines 212 can be distributed across multiplephysical computer systems, and one or more render engine 212 can existon any of the physical computer systems at a particular point in time.When a user engages in a session with the web system, requests from theuser will be directed to render engines 212. In servicing a userrequest, render engines 212 can get current state information for thatsession through the respective session manager 214 and session cache 218and from one of the global session servers 220. Brokers 216 are use tolocate the global session server 220 that stores the master copy ofsession data for the particular user session. Session cache 218 can theninterface with the correct global session server 220 to obtain thesession data. Render engines 202 then operate to process requests usingthe session information and return web content that reflects the stateof the user session.

As above, when a request is received, a session ID (SID) is associatedwith the request. The SID identifies the request as part of a particularuser session. The render engine 212 processing the request passes theSID to session manager 214 to request session information for that SID.A "lock" is then called in the broker 216 for that session manager 214.Broker 216 then determines where the master copy of session data forthat SID is located. Broker 216 makes a connection through the localsession cache 218 to the session cache 218 on the computer system wherethe master copy of session data is stored. Session cache 218 thendownloads the session data from the global session server 220 thatstores the master copy. Session manager 214 then provides the sessioninformation to render engine 212. After render engine 212 has built theweb page and provided it back to the user, an "unlock" is called. Thiscauses changes to the session state to be written back from sessioncache 218 to the master copy of the session data on global sessionserver 220. The new session data can also be written to one or moreshadow copies stored in other global session servers 220. Also,migration of the master copy to a new location can occur if, forexample, enough hits from a remote system have occurred. After the"unlock" completes, the new session data for that SID is again availablefor access.

In one implementation, migration of master copies uses a count of thenumber of accesses to a master copy from any particular computer system.The master copy of the session data is then allowed to migrate to thecomputer system making the largest number of requests over a specifiedtunable threshold. This allows session data to be retrieved more quicklyon the computer system accessing it most often without the expense ofpulling the session data over the network. The maintenance of master andshadow copies of session data can be accomplished, for example, by usingthe MICROSOFT Transaction Server whereby if a change does not getcompleted, that copy of the data is removed from the list.

It should be understood that various implementations are possible withone or more global session servers 220 storing session data accessedthrough one or more session managers 214. The distribution of stateinformation across multiple global session servers 220 allows robustoperation in case of the failure of one or more software or hardwarecomponents. For example, if a master copy of session data is lost, oneof the shadow copies can be promoted to be the master to maintaincontinuity of the user session. Further, the distributed nature canallow quick access to local memory without requiring networkcommunication to obtain the session data.

Use of Global Session Server

FIG. 4 is a block diagram of one embodiment of using a global sessionserver within an enterprise web system. As shown, the web system can bemaintained by a web system engine 230 that has access to a globalsession server 232. Web system engine 230 can be like that describedabove, or can include other component implementations. A web interactionwith the web system occurs when a user request is received and istypically part of a user session. The request is commonly an HTTPrequest generated by remote user software such as a web browser. Todynamically respond to the request, web system engine 230 uses globalsession server 232 to maintain state information about the current usersession associated with the request.

In particular, the state information can be stored as session data 234created for each user session. Session data 234 can be created when auser initiates a web interaction and there is no current session datafor that user. When servicing a request, web system engine 230 cancreate a session cache 236 and provide session cache 236 with a sessionID. Using the session ID, session cache 236 can then request thecorresponding session data 234 from global session server 232. If thesession data 234 is not already locked, global session server 232 canprovide session data 234 to session cache 236 and lock session data 234from concurrent access. If the session data 234 is already locked, thenanother session cache 236 is currently processing a request for thatuser session which needs to be completed. After completion, session data234 is updated and made available. Once session cache 236 receives thesession data 232, web system 230 can use this session information tohelp build a responsive web page. When the web page is built, it is sentto the requesting user. The session data 234 is then updated, stored inglobal session server 232, and released for access by another sessioncache 236. In one implementation, session cache 236 is not releaseduntil after one or more shadow copies of session data 234 have beenmade.

A technical advantage of the use of global session server 232 is that itallows web system engine to remain stateless with respect to an ongoinguser session with the web system. This ability to remain stateless freesweb system engine 230 to effectively manage server load balancing andother speed issues. Further, by separating the state information fromimportant enterprise data and storing it in operating memory, globalsession server 232 allows web system engine 230 to more quicklyassociate a state with a particular user request.

The data stored in a session state 234 can include any helpfulinformation concerning a web session with the web system. In oneimplementation, the session data stores a list of name/value pairs asshown, for example, in the following table.

    ______________________________________                                        variable name         value                                                   ______________________________________                                        password              xxxxxx                                                  address               IP address                                              . . .                 . . .                                                   ______________________________________                                    

In this implementation, the values are simply character strings. Inanother, extended implementation, the session data stores variablevalues that are self describing objects. Such objects can include text,numbers, arrays and interfaces to other objects (e.g., applicationobjects, images, sound files, movie files, etc.). This use of selfdescribing objects provides a richer object structure and theimplementation of more features which allow the session state to be apowerful tool to enable dynamic and individualized interactions with theweb system.

Although the present invention has been described in detail, it shouldbe understood that various changes, substitutions and alterations can bemade thereto without departing from the sphere and scope of theinvention as defined by the appended claims.

What is claimed is:
 1. A method for maintaining a state for a usersession with a web system, comprising:receiving a request from a userthat initiates a user session with the web system; processing therequest and providing a web page to the user using one of a plurality ofweb system engines; storing a single set of session data representing astate of the user session in a global session server, the global sessionserver accessible by the web system engines such that the web systemengines can share the session data; and for each subsequent requestassociated with the user session:receiving the subsequent request;retrieving the session data from the global session server using one ofthe web system engines; processing the subsequent request at the websystem engine using the session data to provide a web page to the user;changing the session data to reflect the processing; and updating thesingle set of session data in the global session server according to thechanged session data.
 2. The method of claim 1, wherein the session dataincludes name/value pairs where the values comprise text and numbers. 3.The method of claim 1, wherein the session data includes name/valuepairs where the values comprise self describing objects such as text,numbers, arrays, and interfaces to other objects.
 4. The method of claim1, wherein the user session terminates after a specified period of timeand requests received after termination initiate a new user session. 5.The method of claim 1, wherein the user session is defined by userlog-in and log-out events.
 6. The method of claim 1, wherein the globalsession server is distributed across a number of physical computersystems.
 7. The method of claim 6, wherein the global session serverincludes master and shadow copies of the session data.
 8. The method ofclaim 1, wherein the session data in the global session server is lockedfrom access after retrieving the session data and is unlocked afterupdating the session data.
 9. The method of claim 1, wherein at leastone of the web system engines is implemented on a plurality of physicalcomputer systems.
 10. The method of claim 9, wherein each computersystem has a session manager, the session manager managing access to theglobal session server.
 11. The method of claim 10, wherein each physicalcomputer system has a global session server stored in memory and holdingmaster or shadow copies of session data for user sessions.
 12. A websystem that maintains a state for a user session, comprising:a pluralityof web system engines; and a global session server stored in memory andaccessible by the web system engines; the web system engines operable toreceive a request from a user that initiates a user session with the websystem and operable to process the request and provide a web page to theuser; the web system engines also operable to store a single set ofsession data representing a state of the user session in the globalsession server such that the web system engines can share the sessiondata; and the web system engines further operable, for each subsequentrequest associated with the user session:to receive the subsequentrequest; to retrieve the session data from the global session server; toprocess the subsequent request using the session data and provide a webpage to the user; to change the session data to reflect the processing;and to update the single set of session data in the global sessionserver according to the changed session data.
 13. The web system ofclaim 12, wherein the session data includes name/value pairs where thevalues comprise text and numbers.
 14. The web system of claim 12,wherein the session data includes name/value pairs where the valuescomprise self describing objects such as text, numbers, arrays, andinterfaces to other objects.
 15. The web system of claim 12, wherein theuser session terminates after a specified period of time and requestsreceived after termination initiate a new user session.
 16. The websystem of claim 12, wherein the user session is defined by user log-inand log-out events.
 17. The web system of claim 12, wherein the globalsession server is distributed across a number of physical computersystems.
 18. The web system of claim 17, wherein the global sessionserver includes master and shadow copies of the session data.
 19. Theweb system of claim 12, wherein the session data in the global sessionserver is locked from access after retrieving the session data and isunlocked after updating the session data.
 20. The web system of claim12, wherein at least one of the web system engines is implemented on aplurality of physical computer systems.
 21. The web system of claim 20,wherein each computer system has a session manager, the session managermanaging access to the global session server.
 22. The web system ofclaim 21, wherein each physical computer system has a global sessionserver stored in memory and holding master or shadow copies of sessiondata for user sessions.